In my stack, I have an ACM certificate that is utilized by a CloudFront distribution. When resources are being replaced, the certificate is always attempting to be deleted before the distribution, which fails because obviously the distro still depends on the cert. Shouldn't the distribution be deleted or updated and then the certificate deleted? Happy to file an issue if needed, just wondering if anyone else has experienced this.